KR20220038053A - How to build a resilient operating system based on sustainable services with kernel support - Google Patents

Abstract

In one embodiment, a method comprises creating a handle referencing a checkpoint for a service, sending the handle to the service, wherein the handle is configured to be used by the service at the checkpoint to store one or more states of the service sending the handle, determining that a service needs to be restarted, restarting the service, accessing the handle to the checkpoint, and sending the handle to the checkpoint to the restarted service. sending the handle to the restarted service, wherein the handle to the checkpoint is configured for use by the restarted service to restore one or more states.

Description

How to build a resilient operating system based on sustainable services with kernel support

BACKGROUND This disclosure relates generally to operating systems.

An operating system (OS) is system software that manages computer hardware and software resources and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also include accounting software for cost allocation of processor time, mass storage, printing, and other resources. For hardware functions such as input and output and memory allocation, the operating system acts as an intermediary between programs and computer hardware, but application code is usually executed directly by the hardware and frequently makes system calls to OS functions or interrupted by it Operating systems are found on many devices, including computers, from cell phones and video game consoles to web servers and supercomputers.

In computing, a process is an instance of a computer program being executed by one or many threads. It contains the program code and its activities. Depending on the operating system (OS), a process may consist of multiple threads of execution executing instructions concurrently. A computer program is a passive collection of instructions, but a process is the actual execution of these instructions. Multiple processes may be associated with the same program; For example, opening multiple instances of the same program often causes more than one process to run. Process management is an integral part of any modern operating system (OS). The OS must allocate resources to processes, enable processes to share and exchange information, protect each process's resources from other processes, and enable synchronization between processes. To meet these requirements, the OS must maintain a data structure for each process, which describes the state and resource ownership of that process, and allows the OS to exercise control over each process.

In certain embodiments, the operating system of the computing system can effectively restore crash service in the microkernel without restarting the operating system. The operating system can run a number of services, but if some of them crash or have to be restarted, the associated data can be lost, which can be detrimental to the operating system if the system needs to be restarted. To address this issue, the embodiments disclosed in this application may build a resilient operating system capable of restarting a crash service and restoring its pre-crash state without restarting the operating system. Essential skills may include maintaining the state of each service by establishing special contracts with the microkernel through APIs provided by the microkernel. A contract may provide special pages of memory that a service may checkpoint its state, particularly a state that cannot be recovered automatically. In addition, pages provided by one service may be separated from pages provided by other services so that there is little chance of changing the state in case of a conflict. By way of example and not limitation, a launcher service in the operating system may be responsible for tracking all of the services that have been launched and are currently actively running. When the operating system implements a service list, it may ask the launcher service to iterate through all of the launched services. When there is a conflict, the operating system, through the kernel API, can find a checkpoint for the launcher service on the same page or set of pages and obtain a handle to the checkpoint. During restart of the launcher service, the loader service will pass the handle to the newly-started launcher service. Through the handle, the launcher service can retrieve the state before the crash. While this disclosure describes restoring a particular state through particular systems in particular ways, this disclosure contemplates restoring any suitable state through any suitable system in any suitable manner.

In certain embodiments, the operating system may create, for the first service, a handle referencing the checkpoint. The operating system may then send the handle to the first service. The handle may be configured for use by the first service to store one or more states of the service at the checkpoint. In certain embodiments, the operating system may determine that the first service needs to be restarted. The operating system may then restart the first service. The operating system may also access the handle to the checkpoint. In certain embodiments, the operating system may send a handle to the checkpoint to the restarted first service. The handle to the checkpoint may be configured for use by the restarted first service to restore one or more states.

Embodiments of the present invention may include or be implemented with an artificial reality system. Artificial reality is a form of reality that has been adjusted in some way prior to presentation to a user, such as virtual reality (VR), augmented reality (AR), mixed reality (MR), hybrid reality, or some combination thereof and / or derivatives. Artificial reality content may include fully generated content or generated content combined with captured content (eg, real-world photos). Artificial reality content may include video, audio, haptic feedback, or some combination thereof, any of which may be in a single channel or in multiple channels (such as stereo video creating a three-dimensional effect to the viewer). ) can be provided. Additionally, in some embodiments, artificial reality is, for example, used to create content in and/or used in (eg, performing activities on) applications, products, accessories in artificial reality. , services, or some combination thereof. An artificial reality system that provides artificial reality content may include a head-mounted display (HMD) coupled to a host computer system, a standalone HMD, a mobile device or computing system, or any other capable of providing artificial reality content to one or more viewers. It may be implemented on a variety of platforms, including hardware platforms.

According to the present invention, there is provided a method comprising, by an operating system executing on a computing device: creating, for a first service, a handle referencing a checkpoint; sending the handle to the first service, the handle being configured to be used by the first service to store one or more states of the first service at the checkpoint to do; determining that the first service needs to be restarted; restarting the first service; accessing a handle to the checkpoint; and sending a handle to the checkpoint to the restarted first service, wherein the handle to the checkpoint is configured to be used by the restarted first service to restore the one or more states. and transmitting to the restarted first service.

Optionally, the first service is associated with a monitor. Optionally, determining that the first service needs to be restarted is based on the monitor.

Optionally, the method further comprises generating a first key for the checkpoint. Optionally, accessing the handle to the checkpoint is based on the first key.

Optionally, the first service is a component of the operating system.

Optionally, determining that the first service needs to be restarted is based on an indication that the first service is unresponsive.

Optionally, accessing the handle comprises accessing a service-key index comprising a plurality of entities corresponding to the plurality of services. Optionally, each entry in the service-key index includes a service identifier and a key associated with the service identifier.

The first service may optionally be associated with a first service identifier.

Optionally, accessing the handle further comprises identifying a first key from the service-key index based on the first service identifier.

Optionally, accessing the handle further comprises retrieving the handle from a plurality of handles that reference a plurality of checkpoints associated with a plurality of services based on the identified first key.

Optionally, each of said one or more states includes one or more of a data item or a handle.

Optionally, restarting the first service does not require restarting one or more kernels or second services. Optionally, the one or more microkernels or second services are components of an operating system.

According to the present invention, there is further provided one or more computer-readable non-transitory storage media comprising software, wherein the software, when executed: creates, for a first service, a handle referencing a checkpoint; sending the handle to the first service, the handle being configured to be used by the first service to store one or more states of the first service at the checkpoint; ; determine that the first service needs to be restarted; restart the first service; access a handle to the checkpoint; sending a handle to the checkpoint to the restarted first service, wherein the handle to the checkpoint is configured to be used by the restarted first service to restore the one or more states. operable to transmit the first service.

Optionally, the first service is associated with a monitor. Determining that the first service needs to be restarted may optionally be based on the monitor.

Optionally, the software is also operable to generate a first key for the checkpoint when executed.

Optionally, accessing the handle may include accessing a service-key index comprising a plurality of entries corresponding to the plurality of services. Optionally, each entry in the service-key index includes a service identifier and a key associated with the service identifier.

The first service may be associated with a first service identifier.

Accessing the handle may optionally further include identifying a first key from the service-key index based on the first service identifier.

Accessing the handle may optionally further include, based on the identified first key, retrieving the handle from a plurality of handles referencing a plurality of checkpoints associated with a plurality of services.

Optionally, each of said one or more states includes one or more of a data item or a handle.

According to the present invention, there is further provided a system; The system comprises: one or more processors and a non-transitory memory coupled to the processors comprising instructions executable by the processors, when the processors execute the instructions: for a first service, see a checkpoint create a handle to ; sending the handle to the first service, the handle being configured to be used by the first service to store one or more states of the first service at the checkpoint and; determine that the first service needs to be restarted; restart the first service; access a handle to the checkpoint; sending a handle to the checkpoint to the restarted first service, wherein the handle to the checkpoint is configured to be used by the restarted first service to restore the one or more states. and the non-transitory memory operable to transmit to the first service.

The embodiments disclosed in the present application are merely examples, and the scope of the present disclosure is not limited thereto. Certain embodiments may or may not include all, some, or all of the components, elements, features, functions, operations, or steps of the embodiments disclosed in this application. Embodiments according to the invention are disclosed in the appended claims, in particular relating to a method, a storage medium, a system and a computer program product, wherein any feature mentioned in one claim category, eg a method, is also disclosed in a claim category, eg system can also be asserted in Dependencies or back references in the appended claims are taken for formal reasons only. However, any subject matter that results from an intentional back-reference to any previous claims (especially multiple dependencies) may also be claimed, thus the claims and any combination of features thereof being disclosed and appended claims. can be asserted irrespective of the dependencies chosen from Claimable subject matter also includes combinations of features as set forth in the appended claims as well as any other combination of features in the claims, each feature recited in the claims being any It may be combined with other features or combinations of other features. Moreover, any of the embodiments and features described or depicted in this application may be in a separate claim and/or any of the embodiments or features described or depicted in this application and or of the features of the appended claims. Any and any combination may be claimed.

1 illustrates an example diagram flow of reconfiguration of handle table values associated with restarting a service.
2 illustrates an example method for restoring states of service.
3 illustrates an example computer system.

In certain embodiments, the operating system of the computing system can effectively restore crashed services in the microkernel without restarting the operating system. The operating system can run a number of services, but if some of them crash or have to be restarted, the associated data can be lost, which can be detrimental to the operating system if the system needs to be restarted. To address this issue, the embodiments disclosed in this application may build a resilient operating system capable of restarting a crash service and restoring its pre-crash state without restarting the operating system. Essential skills may include maintaining the state of each service by establishing special contracts with the microkernel through APIs provided by the microkernel. A contract may provide special pages of memory that a service may checkpoint its state, particularly a state that cannot be recovered automatically. In addition, pages provided by one service may be separated from pages provided by other services so that there is little chance of changing the state in case of a conflict. By way of example and not limitation, a launcher service in an operating system may be responsible for keeping track of all services that have been launched and are currently actively running. When the operating system implements a service list, it may ask the launcher service to iterate through all of the launched services. When there is a conflict, the operating system, through the kernel API, can find a checkpoint for the launcher service on the same page or set of pages and obtain a handle to the checkpoint. During restart of the launcher service, the loader service will pass the handle to the newly-started launcher service. Through the handle, the launcher service can retrieve the state before the crash. While this disclosure describes restoring a particular state through particular systems in particular ways, this disclosure contemplates restoring any suitable state through any suitable system in any suitable manner.

In certain embodiments, the operating system may create, for the first service, a handle referencing the checkpoint. The operating system may then send the handle to the first service. The handle may be configured for use by the first service to store one or more states of the first service at a checkpoint. In certain embodiments, the operating system may determine that the first service needs to be restarted. The operating system may then restart the first service. The operating system can also access the handle to the checkpoint. In certain embodiments, the operating system may send a handle to the checkpoint to the restarted first service. The handle to the checkpoint may be configured for use by the restarted first service to restore one or more states.

In certain embodiments, the first service may be a component of an operating system. The first service may be separated from the microkernel of the operating system. As a result, even if the first service crashes, it will not crash the entire operating system. Separation alone, however, may not be sufficient to improve system reliability as there needs to be a mechanism to recover conflicting services. Additionally, an operating system based on microkernels may not have storage in microkernels. Microkernels may not have access to IO other than memory, which may require a mechanism to recover service from crashes. Embodiments disclosed in this application provide such a mechanism based on checkpoint that stores state associated with a service, so that microkernels can track the state of a service in case the operating system needs to restore state after service crashes. let there be While this disclosure describes particular services in particular systems in particular ways, this disclosure contemplates any suitable service in any suitable system in any suitable manner.

In certain embodiments, whenever a new service starts, the management service may allocate some handles to the new service. By way of example and not limitation, the management service may include a loader service. Handles can be used by system calls to reference kernel objects such as processes, threads, sockets, channels or interrupts. In certain embodiments, handles may refer to checkpoints. In certain embodiments, a handle may contain a type (job, process, socket, channel, interrupt, etc.), access rights associated with the handle, a pointer to a kernel object, an internal reference count, It can have the following properties, including status flags (free, active, closed, etc.), link list or bitmap. A technical advantage of assigning a handle to each service may include that it provides strict isolation between different services. Here, the handle is not unique across services, but the same handle value associated with a handle may refer to different kernel objects in different services. While this disclosure describes particular handles in particular systems in particular ways, this disclosure contemplates any suitable handle in any suitable system in any suitable manner.

In certain embodiments, each of the one or more states may include one or more of a data item or a handle. In certain embodiments, memory regions (eg, pages) may be provided to a service requesting to checkpoint its states based on a domain associated with the service. Memory areas may be used to store states. Within a domain, each service may have its own address span corresponding to special pages of the service. The microkernel can checkpoint state into address spans and restore it when the service is restarted. By way of example and not limitation, the launcher service may be domain 1, which may include a registered state bucket. When a launcher service crashes, the operating system (eg, via a loader service) can make a request to the microkernel for pages associated with the service. The microkernel may return a handle referencing the checkpoint. Based on the handle, the checkpoint can be accessed to retrieve pages belonging to domain 1. While this disclosure describes particular memory regions in particular systems in particular ways, this disclosure contemplates any suitable memory region in any suitable system in any suitable manner.

In certain embodiments, the first service may determine which state to checkpoint based on the type of first service. By way of example and not limitation, for a launcher service, it may have a lot of data. The launcher service can keep track of how much memory is being consumed and how many other resources are still available. These states are easy to restore and thus the launcher service may not checkpoint them. The launcher service may instead checkpoint states that are more difficult to restore. In certain embodiments, the operating system may further generate a first key for the checkpoint. Accessing the handle to the checkpoint later may be based on the first key. While this disclosure describes storing particular states via particular systems in particular ways, this disclosure contemplates storing any suitable state via any suitable system in any suitable manner.

In certain embodiments, the first service may be associated with a monitor. Determining that the first service needs to be restarted may be based on the monitor. In certain embodiments, determining that the first service needs to be restarted may be based on an indication that the first service is unresponsive. By way of example and not limitation, a conflict of a service may cause the service to become unresponsive. In certain embodiments, restarting the first service may not require restarting the one or more microkernels or the second services. One or more microkernels or second services may be components of an operating system. Although this disclosure describes determining particular restarts via particular systems in particular ways, this disclosure contemplates determining any suitable restarts via any suitable system in any suitable manner.

In certain embodiments, accessing the handle may include accessing a service-key index comprising a plurality of entries corresponding to the plurality of services. Each entry in the service-key index may include a service identifier and a key associated with the service identifier. In certain embodiments, the first service may be associated with a first service identifier. Accordingly, accessing the handle may further include the following steps. First, the operating system may identify the first key from the service-key index, based on the first service identifier. The operating system may then retrieve, based on the identified first key, the handle from the plurality of handles referencing a plurality of checkpoints associated with the plurality of services. While this disclosure describes accessing particular indices through particular systems in particular ways, this disclosure contemplates accessing any suitable index through any suitable system in any suitable manner.

1 illustrates an example diagram flow 100 of reconfiguration of handle table values associated with restarting a service. In certain embodiments, the handle may point to an object and may consist of the real object 102 itself in the microkernel 104 . The microkernel 104 may create a handle table 106 associated with one or more handles to the new service. As displayed in FIG. 1 , the new service may be represented by S ₁ , which may have two handles, H ₁ and H ₂ . A handle table T ₁ may be created for two handles. The microkernel 104 may need to convert handles to handle values in the handle table 106 for the service. Thus, the handle may have an opaque integer that the microkernel 104 may index through the handle table 106 . In certain embodiments, each handle may have information stored in the handle table 106 . Information associated with the handle may include a handle ID 108 , which may further include an index, create field, and an offset field. 1 , each handle may point to an object 102 , ie, H ₁ points to object 1 (obj ₁ ) and H ₂ points to object 2 (obj ₂ ). The handle values for each handle in the handle table 106 may change when the service restarts. However, the indexes of the handles may remain the same. In other words, an opaque integer that the service had before may not map to anything in the regenerated handle table 106 and the microkernel 104 may not be able to locate the object 102 the handle points to. As a result, when a durable service provided by the operating system checkpoints state, a list of handles must also be stored in the microkernel 104 and the handle table 106 is recreated for these handles when the service restarts. should be guaranteed to be As displayed in FIG. 2 , the microkernel 104 may store two handles pointing to the objects 102 in the checkpoint defect area 110 . As displayed in FIG. 1 , storing two handles may result in a record of handles, ie H′ ₁ and H′ ₂ . In certain embodiments, when a service crashes, its handle table 106 may disappear. When the service restarts, it may reclaim the special space (ie, checkpoint faulty area 110 ). As indicated in FIG. 1 , the restarted service is indicated as S _{N +1} . The restarted service may be assigned two handles (H _r and H _s ). The microkernel 104 may need to ensure that these handles are still active handles in the restarted service by re-creating the handle table 106 for the restarted service, denoted T _N+1 in FIG. 1 . While this disclosure describes a particular diagram flow for re-creating particular handle tables in particular ways, this disclosure contemplates any suitable diagram flow for re-creating any suitable handle table in any suitable manner.

2 illustrates an example method 200 for restoring states of service. The method may begin at step 210 , where the operating system may create, for the first service, a handle referencing the checkpoint. In step 220, the operating system may send a handle to the first service, wherein the handle is configured to be used by the first service to store one or more states of the first service at a checkpoint. In step 230, the operating system may determine that the first service needs to be restarted. In step 240 , the operating system may restart the first service. At step 250, the operating system can access the handle to the checkpoint. At step 260 , the operating system may send a handle to the checkpoint to the restarted first service, wherein the handle to the checkpoint is configured for use by the restarted first service to restore one or more states. Certain embodiments may repeat one or more steps of the method of FIG. 2 as appropriate. While this disclosure describes and illustrates specific steps of the method of FIG. 2 as occurring in a specific order, this disclosure contemplates any suitable steps of the method of FIG. 2 occurring in any suitable order. Moreover, while this disclosure describes and illustrates an exemplary method for restoring states of service, including specific steps of the method of FIG. 2 , this disclosure includes, where appropriate, all, some, or all of the steps of the method of FIG. Any suitable method for restoring states of service is contemplated, including any suitable steps, which may or may not include. Moreover, while this disclosure describes and illustrates specific components, devices, or systems performing specific steps of the method of FIG. 2 , this disclosure provides for any suitable configuration for performing any suitable steps of the method of FIG. 2 . Any suitable combination of elements, devices, or systems is contemplated.

Embodiments of the present invention may include or be implemented with an artificial reality system. Artificial reality is a form of reality that has been adjusted in some way prior to presentation to a user, such as virtual reality (VR), augmented reality (AR), mixed reality (MR), hybrid reality, or some combination thereof and / or derivatives. Artificial reality content may include fully generated content or generated content combined with captured content (eg, real-world photos). Artificial reality content may include video, audio, haptic feedback, or some combination thereof, any of which may be in a single channel or in multiple channels (such as stereo video creating a three-dimensional effect to the viewer). ) can be provided. Additionally, in some embodiments, artificial reality is, for example, used to create content in and/or used in (eg, performing activities on) applications, products, accessories in artificial reality. , services, or some combination thereof. An artificial reality system that provides artificial reality content may include a head-mounted display (HMD) coupled to a host computer system, a standalone HMD, a mobile device or computing system, or any other capable of providing artificial reality content to one or more viewers. It may be implemented on a variety of platforms, including hardware platforms.

3 illustrates an example computer system 300 . In certain embodiments, one or more computer systems 300 perform one or more steps of one or more methods described or illustrated herein. In certain embodiments, one or more computer systems 300 provide the functionality described or illustrated herein. In certain embodiments, software running on one or more computer systems 300 performs one or more steps of one or more methods described or illustrated herein or provides functionality described or illustrated herein. . Certain embodiments include one or more portions of one or more computer systems 300 . In this application, reference to a computer system includes, where appropriate, computing devices and vice versa. Moreover, reference to a computer system may include one or more computer systems, where appropriate.

This disclosure contemplates any suitable number of computer systems 300 . This disclosure contemplates computer system 300 taking any suitable physical form. By way of example, and not limitation, computer system 300 may be an embedded computer system, a system-on-chip (SOC), a single-board computer system (SBC) (eg, a computer-on-module (COM) or a system- on-modules (SOMs), desktop computer systems, laptop or notebook computer systems, interactive kiosks, mainframes, meshes of computer systems, mobile phones, personal digital assistants (PDAs), servers, tablet computer systems, augmented/ It may be a virtual reality device, or a combination of two or more thereof. Where appropriate, computer system 300 includes one or more computer systems 300 ; integrated or distributed; encompasses multiple locations; encompasses multiple machines; span multiple data centers; or may reside in a cloud, which may include one or more cloud components in one or more networks. Where appropriate, one or more computer systems 300 may perform one or more steps of one or more methods described or illustrated herein without significant spatial or temporal limitations. By way of example and not limitation, one or more computer systems 300 may perform one or more steps of one or more methods described or illustrated herein in real time or in batch mode. One or more computer systems 300 may perform one or more steps of one or more methods described or illustrated herein at different times or at different locations, as appropriate.

In certain embodiments, computer system 300 includes processor 302 , memory 304 , storage 306 , input/output (I/O) interface 308 , communication interface 310 , and a bus ( 312). While this disclosure describes and exemplifies specific computer systems having a specific number of specific components in a specific arrangement, this disclosure contemplates any suitable computer system having any suitable number of any suitable components in any suitable arrangement. do.

In certain embodiments, processor 302 includes hardware for executing instructions, such as those comprising a computer program. By way of example and not limitation, to execute instructions, processor 302 retrieves (or fetches) instructions from an internal register, internal cache, memory 304 , or storage 306 ; decode and execute them; One or more results may then be written to an internal register, internal cache, memory 304 , or storage 306 . In certain embodiments, the processor 302 may include one or more internal caches for data, instructions, or addresses. This disclosure contemplates a processor 302 including any suitable number of any suitable internal caches, where appropriate. By way of example and not limitation, processor 302 may include one or more instruction caches, one or more data caches, and one or more translation lookaside buffers (TLBs). Instructions in instruction caches may be copies of instructions in memory 304 or storage 306 , and instruction caches may speed up retrieval of these instructions by processor 302 . Data in data caches may include copies of data in memory 304 or storage 306 for instructions executed by processor 302 to act; the results of previous instructions executed by the processor 302 for access by instructions executed by the processor 302 or for writing to the memory 304 or storage 306 ; or other suitable data. Data caches may speed up read or write operations by the processor 302 . TLBs may speed up virtual-to-address translation for processor 302 . In certain embodiments, the processor 302 may include one or more internal registers for data, instructions, or addresses. This disclosure contemplates a processor 302 including any suitable number of any suitable internal registers, where appropriate. Where appropriate, processor 302 includes one or more arithmetic logic units (ALUs); is a multi-core processor; or one or more processors 302 . While this disclosure describes and illustrates a particular processor, this disclosure contemplates any suitable processor.

In certain embodiments, memory 304 includes main memory for storing instructions for processor 302 to execute or data for processor 302 to operate on. By way of example and not limitation, computer system 300 may load instructions into memory 304 from storage 306 or another source (eg, such as another computer system 300 ). Processor 302 may then load instructions from memory 304 into an internal register or internal cache. To execute the instructions, the processor 302 may retrieve the instructions from an internal register or internal cache and decode them. During or after execution of instructions, processor 302 may write one or more results (which may be intermediate or final results) to an internal register or internal cache. The processor 302 may then write one or more of these results to the memory 304 . In certain embodiments, processor 302 executes only instructions in memory 304 or in one or more internal registers or internal caches (as opposed to storage 306 or elsewhere) and only executes instructions in one or more internal registers or internal caches (as opposed to storage 306 or elsewhere). It may only operate on data in registers or internal caches or in memory 304 (as opposed to storage 306 or elsewhere). One or more memory buses, each of which may include an address bus and a data bus, may couple the processor 302 to the memory 304 . Bus 312 may include one or more memory buses, as described below. In certain embodiments, one or more memory management units (MMUs) reside between the processor 302 and the memory 304 and enable accesses to the memory 304 requested by the processor 302 . In certain embodiments, memory 304 may include random access memory (RAM). Such RAM may be volatile memory, where appropriate. Where appropriate, such RAM may be dynamic RAM (DRAM) or static RAM (SRAM). Moreover, where appropriate, such RAM may be a single-port type or a multi-port type RAM. This disclosure contemplates any suitable RAM. Memory 304 may include one or more memories 304 as appropriate. While this disclosure describes and illustrates particular memories, this disclosure contemplates any suitable memory.

In certain embodiments, storage 306 includes mass storage for data or instructions. By way of example, and not limitation, storage device 306 may be a hard disk drive (HDD), floppy disk drive, flash memory, optical disk, magneto-optical disk, magnetic tape, or universal serial bus (USB) drive, or both. Combinations of the above are included. Storage 306 may include removable or non-removable (or fixed) media as appropriate. Storage 306 may be internal or external to computer system 300 as appropriate. In certain embodiments, storage 306 is a non-volatile, solid-state memory. In certain embodiments, storage 306 includes read-only memory (ROM). Where appropriate, such ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically changeable ROM (EAROM), or flash memory or any of these Combinations of two or more are included. This disclosure contemplates mass storage 306 taking any suitable physical form. Storage 306 may include one or more storage control units that enable communication between processor 302 and storage 306 , where appropriate. Where appropriate, storage 306 may include one or more storage devices 306 . While this disclosure describes and illustrates specific storage devices, this disclosure contemplates any suitable storage device.

In certain embodiments, I/O interface 308 includes hardware, software, or both, that provides one or more interfaces for communication between computer system 300 and one or more I/O devices. Computer system 300 may include one or more of these I/O devices as appropriate. One or more of these I/O devices may enable communication between a person and the computer system 300 . By way of example and not limitation, an I/O device may be a keyboard, keypad, microphone, monitor, mouse, printer, scanner, speaker, still camera, stylus, tablet, touch screen, trackball, video camera, other suitable I/O device. or a combination of two or more thereof. An I/O device may include one or more sensors. This disclosure contemplates any suitable I/O devices and any suitable I/O interfaces 308 for them. Where appropriate, I/O interfaces 308 may include one or more device or software drivers that enable processor 302 to drive one or more of these I/O devices. I/O interface 308 may include one or more I/O interfaces 308 as appropriate. While this disclosure describes and illustrates specific I/O interfaces, this disclosure contemplates any suitable I/O interface.

In certain embodiments, communication interface 310 is one for communication (eg, such as packet-based communication) between computer system 300 and one or more other computer systems 300 or one or more networks. hardware, software, or both providing the above interfaces. By way of example and not limitation, communication interface 310 may include a network interface controller (NIC) for communicating with an Ethernet or other wire-based network or a wireless NIC for communicating with a wireless network, such as a network adapter or WI-FI network ( WNIC) or wireless adapter. This disclosure contemplates any suitable network and any suitable communication interface 310 therefor. By way of example, and not limitation, computer system 300 may be an ad hoc network, a personal area network (PAN), a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), or one or more portions of the Internet. or a combination of two or more of these. One or more portions of one or more of these networks may be wired or wireless. By way of example, computer system 300 may include a wireless PAN (WPAN) (eg, BLUETOOTH WPAN), a WI-FI network, a WI-MAX network, a cellular telephone network (eg, a global system for mobile communications). (GSM) network), or other suitable wireless network, or a combination of two or more thereof. Computer system 300 may include any suitable communication interface 310 for any of these networks, where appropriate. Communication interface 310 may include one or more communication interfaces 310 as appropriate. Although this disclosure describes and illustrates specific communication interfaces, this disclosure contemplates any suitable communication interface.

In certain embodiments, bus 312 includes hardware, software, or both that couple components of computer system 300 together. By way of example, and not limitation, bus 312 may be an accelerated graphics port (AGP) or other graphics bus, an enhanced industry standard architecture (EISA) bus, a front-side bus (FSB), a HYPERTRANSPORT (HT) interconnect, an industry standard Architecture (ISA) Bus, INFINIBAND Interconnect, Low-Pin-Count (LPC) Bus, Memory Bus, Micro Channel Architecture (MCA) Bus, Peripheral Component Interconnect (PCI) Bus, PCI-Express (PCIe) Bus, Serial an advanced technology access (SATA) bus, a Video Electronics Standards Association Local (VLB) bus, or another suitable bus, or a combination of two or more thereof. Bus 312 may include one or more buses 312 as appropriate. Although this disclosure describes and illustrates a particular bus, this disclosure contemplates any suitable bus or interconnection.

In the present application, a computer-readable non-transitory storage medium or media, where appropriate, includes one or more semiconductor-based or other integrated circuits (ICs) (eg, field-programmable gate arrays (FPGAs) or application-specific ICs (such as ASICs), hard disk drives (HDDs), hybrid hard drives (HHDs), optical disks, optical disk drives (ODDs), magneto-optical disks, Magnetic-science drives, floppy diskettes, floppy disk drives (FDDs), magnetic tapes, solid-state drives (SSDs), RAM-drives, SECURE DIGITAL cards or drives, any other suitable computer-readable non-transitory storage media, or any suitable combination of two or more thereof. A computer-readable non-transitory storage medium can be volatile, non-volatile, or a combination of volatile and non-volatile, where appropriate.

In this application, "or" is inclusive and not exclusive, unless clearly indicated otherwise or otherwise indicated by context. Therefore, in this application, "A or B" means "A, B, or both," unless expressly indicated otherwise or otherwise indicated by context. Therefore, in this application, "A and B" means "A and B, jointly or each," unless expressly indicated otherwise or otherwise indicated by context.

The scope of the present disclosure includes all changes, substitutions, variations, alterations, and modifications to the exemplary embodiments described or illustrated in this application as will be understood by those skilled in the art. The scope of the present disclosure is not limited to the exemplary embodiments described or illustrated in this application. Moreover, although this disclosure describes and illustrates each embodiment in this application as including specific components, elements, feature, functions, operations, or steps, any of these embodiments may include any combination or permutation of any of the components, elements, features, functions, operations, or steps described or illustrated elsewhere in this application as would be understood by one of ordinary skill in the art there is. Moreover, reference in the appended claims to an apparatus or system or component of an apparatus or system adapted, arranged, capable, configured, enabled, operable or operative to perform a particular function, As long as the device, system, or component is so adapted, arranged, enabled, configured, enabled, operable, or operative, it or the particular function is activated, turned on, or locked including the devices, systems and components, whether or not released. Additionally, while this disclosure describes or illustrates certain embodiments as providing certain advantages, certain embodiments may provide some, all, or none of these advantages.

Claims (15)

In the method,
by an operating system running on the computing device:
creating, for the first service, a handle referencing the checkpoint;
sending the handle to the first service, wherein the handle is configured to be used by the first service to store one or more states of the first service at the checkpoint. transmitting;
determining that the first service needs to be restarted;
restarting the first service;
accessing a handle to the checkpoint; and
sending a handle to the checkpoint to a restarted first service, wherein the handle to the checkpoint is configured for use by the restarted first service to restore the one or more states. sending a handle to the restarted first service. The method of claim 1 , wherein the first service is associated with a monitor, and wherein determining that the first service needs to be restarted is based on the monitor. The method of claim 1 , further comprising generating a first key for the checkpoint, wherein accessing the handle to the checkpoint is based on the first key. The method of claim 1 , wherein: the first service is a component of the operating system; and/or determining that the first service needs to be restarted is based on an indication that the first service is unresponsive. 2. The method of claim 1, wherein accessing the handle comprises accessing a service-key index comprising a plurality of entities corresponding to a plurality of services, wherein each entry in the service-key index is a service identifier. and a key associated with the service identifier;
The first service is associated with a first service identifier, and accessing the handle comprises:
identifying a first key from the service-key index based on the first service identifier; and retrieving the handle from a plurality of handles that reference a plurality of checkpoints associated with a plurality of services based on the identified first key. The method of claim 1 , wherein each of the one or more states comprises one or more of a data item or a handle. The method of claim 1 , wherein restarting the first service does not require restarting one or more microkernels or second services, the one or more microkernels or second services being components of the operating system. method. One or more computer-readable non-transitory storage media comprising software, comprising:
When the software is run:
create, for the first service, a handle referencing the checkpoint;
send the handle to the first service, the handle configured for use by the first service to store one or more states of the first service at the checkpoint;
determine that the first service needs to be restarted;
restart the first service;
access a handle to the checkpoint;
operable to transmit a handle to the checkpoint to the restarted first service;
and the handle to the checkpoint is configured to be used by the restarted first service to restore the one or more states. The one or more computer-readable non-transitory storage media of claim 11 , wherein the first service is associated with a monitor, and wherein determining that the first service needs to be restarted is based on the monitor. The one or more computer-readable files of claim 11 , wherein the software is further operable to generate a first key for the checkpoint when executed, and wherein accessing a handle to the checkpoint is based on the first key. Possible non-transitory storage media. 12. The method of claim 11, wherein the first service is a component of the operating system; and/or determining that the first service needs to be restarted is based on an indication that the first service is unresponsive. 12. The method of claim 11, wherein accessing the handle comprises accessing a service-key index comprising a plurality of entries corresponding to a plurality of services, wherein each entry in the service-key index includes a service identifier and the service a key associated with the identifier;
The first service is associated with a first service identifier, and accessing the handle comprises:
identifying a first key from the service-key index based on the first service identifier; and, based on the identified first key, retrieving the handle from a plurality of handles referencing a plurality of checkpoints associated with a plurality of services. . The one or more computer-readable non-transitory storage media of claim 11 , wherein each of the one or more states comprises one or more of a data item or a handle. In the system,
one or more processors; and
a non-transitory memory coupled to the processors comprising instructions executable by the processors;
When the processors execute the instructions:
create, for the first service, a handle referencing the checkpoint;
send the handle to the first service, the handle configured for use by the first service to store one or more states of the first service at the checkpoint;
determine that the first service needs to be restarted;
restart the first service;
access a handle to the checkpoint;
operable to transmit a handle to the checkpoint to the restarted first service;
and the handle to the checkpoint is configured for use by the restarted first service to restore the one or more states. 15. The system of claim 14, wherein the instructions, when executed by the one or more processors, cause the system to perform the method of any one of claims 2-8.

Images